A recent investigation by the Office of the Information and Privacy Commissioner for British Columbia revealed that half of the individuals who were hospitalized for treatment following the tragic Lapu-Lapu Day attack in Vancouver had their privacy violated by unauthorized access to their medical records.
The incident, which occurred on April 26, 2025, involved a driver crashing an SUV into a Filipino street festival, resulting in the deaths of 11 people and multiple injuries. Subsequent reports of ‘snooping’ by employees at Vancouver Coastal Health, Fraser Health Authority, Providence Health Care, and the Provincial Health Services Authority prompted the investigation.
According to the report, 35 employees from the health authorities and a physician’s office were found to have accessed the medical records of 16 victims without authorization. Some employees breached privacy multiple times, accessing personal information out of curiosity or disclosing it to colleagues.
Privacy violations not only cause additional stress for patients but also tarnish the reputation of the healthcare system and can compromise the quality of care provided. Commissioner Michael Harvey emphasized the importance of robust security measures to prevent unauthorized access to sensitive information.
The report outlined various sanctions imposed on the violators, including reprimands, access restrictions, suspensions, and terminations. Additionally, employees were required to undergo privacy training, sign confidentiality agreements, and undergo increased monitoring.
In response to the findings, the health authorities have accepted the recommendations for stronger disciplinary measures to prevent future breaches and protect patient privacy.
Keyphrase: Vancouver privacy breach healthcare